rüyabet
Software Engineer- Supply Chain job at Semgrep San Francisco, CA, US - darpl.co.in

Software Engineer- Supply Chain Job at Semgrep, San Francisco, CA

WUwzV2FnQ1FZdXdEVWtSaUhiU1VyaUNlUEE9PQ==
  • Semgrep
  • San Francisco, CA

Job Description

About Semgrep

Our mission is to make world-class software security available to everyone. This means building program analysis tools that are open source, easy to use, powerful, and fast. It also means building a team with security expertise and a passion for great developer experiences. Most of all, it means working with honesty and respect in a diverse community of dreamers and builders. We’ve redefined static analysis tooling by committing to all of these, and turned our project, Semgrep, into an essential safeguard for code at Snowflake, Dropbox, and more.

About the role

As a backend engineer on Semgrep’s Supply Chain team, you’ll build customer-facing tools to help developers secure their software from vulnerabilities introduced by dependencies. Other supply chain management tools exist, but they produce far too much noise to be useful or efficient. Security teams may file through thousands of vulnerabilities, informing developers that hundreds of their dependencies have introduced critical vulnerabilities and need updating, when in reality they are not even using those dependencies in a vulnerable way. Perhaps you’ve even felt this pain yourself!

Our goal is to cut through the noise: to make it easy to find and remediate the 2% of vulnerabilities that are actually reachable given the way our customers’ use their dependencies. We work to make supply chain security as simple and intuitive for our users as possible so developers can focus on their own mission.

You’ll learn about the application-security space, shadow more senior engineers, collaborate with product managers and other engineers to create security tools our customers love, architect systems for storing and maintaining sensitive data, and help us surface those data back to our users to help them understand their individual security posture. Through Semgrep’s culture of transparency, you’ll see and influence the decisions that make a startup successful. Your decisions will be key to making Semgrep a world-leading static-analysis project, giving you lasting influence not only at Semgrep, but in the world’s developer community.

You will:

  • Work on major product initiatives end-to-end, from user-research through design, implementation, and deployment
  • Learn from users to understand their needs, build products to help keep them secure, and work with them to help them scale their security programs
  • Advocate for and develop intuitive, simple, robust APIs that solve a wide variety of complex problems using simple, elegant abstractions
  • Ensure continual, high-availability operation of services using modern site-reliability practices, including participation in an on-call rotation

You are ideal for this role if you have:

  • 3+ years of experience writing production software and building web applications. Our stack includes Python, Javascript, and Postgres
  • Excitement about building for customers, learning their needs, iterating fast, and seeing your solutions solve their core problems
  • Excellent and proactive communication, both verbal and written

Some examples projects you might work on include:

  • Identify which of a user’s dependencies would fix the highest number of downstream vulnerabilities when upgraded
  • Identify and filter which of a user’s dependencies/vulnerabilities are actually applicable in their production environments
  • Collect and expose health metrics on open source dependencies to help keep users’ software free of poorly maintained, low quality, and malicious packages
  • Flag vulnerable dependencies in developer IDEs as they are used and prevent them from ever making it to production

Compensation

Salary Range : $145,500 - $171,000

Our compensation package includes equity and benefits in addition to salary.

Please note that the range listed is for someone based in the San Francisco Bay Area.

What we offer

Our goal is to competitively and fairly compensate every Semgrep employee with a system that equally rewards those who are vocal and those who are less comfortable making demands during the final steps of the hiring process. To that end, we generate internal compensation bands that are used when discussing and negotiating salaries. We update these based on market data to make sure they’re above the average for comparable roles.

We also invest in our employees’ well-being and long term success with comprehensive health plans, generous vacation time, 401k, learning stipends, and more. Our benefits are for everyone, so that you’re taken care of, and we work with individuals to make sure they have what they need, whether that’s quiet work space, adjusted hours, or something else.

Who we are

We have people from France and the Philippines, physics and philosophy, formal methods research and full fledged corporations. We’re new parents and new grads, aspiring authors and aspiring Americans, dog lovers and dogfooders. We get together often to bike, bake, and meet up in parks. In our interactions, we believe respect and honesty go hand in hand, and prioritize both.

Semgrep is an equal-opportunity employer seeking a diverse range of backgrounds. We value who you are — including your cultural heritage, your socioeconomic status, your age, your race, your gender, your sexual orientation, your disabilities. We value what’s vitally important to you — your family, your religion, your politics. We value what you love in this world — your music, your weekend pursuits. We believe in welcoming varied professional backgrounds, educations, and interests. If you’re exceptional in your role, believe in Semgrep’s mission, and treat Semgrep’s values as your own, you belong here.

Job Tags

Weekend work,

Similar Jobs

Applied Research Associates, Inc

TTP Red Cyber Researcher Job at Applied Research Associates, Inc

 ...ARA's ISR division is looking to hire a TTP Red Cyber Researcher! TTP Red Cyber Researchers must be capable of researching, identifying...  ...conducted by the employer, or (c) consistent with the contractors legal duty to furnish information. 41 CFR 60-1.35(c) See job... 

Anytime Fitness - Mt. Vernon, WA

Personal Fitness Trainer / Fitness Coach Job at Anytime Fitness - Mt. Vernon, WA

Anytime Fitness is considered to be a premier place to work within the industry, where our...  .... This is a position to help grow our Personal Training department by working in a creative...  ...day is different.CERTIFIED PERSONAL TRAINERThe Personal Trainers focus is on... 

SeaBreeze Homes and Living

Work From Home-Personal Assistant-Travel Industry Job at SeaBreeze Homes and Living

 ...Industry Knowledge: We provide full training! Knowledge of travel industry trends, destinations, and products a plus...  ...regulations, visa requirements, and other legal aspects related to international and domestic travel Teamwork: ~ Ability to work well... 

Amentum

Program and Project Support Specialist II-6 Job at Amentum

 ...Advanced level supporting the Project Office with tasks such as managing the day to day operations of the office, organizing and...  ...external agency requests. Monitoring and documenting actions from telecoms and meetings, as required. Minimum Requirements: High school... 

Children's Dental FunZone

Bookkeeper Job at Children's Dental FunZone

 ...Join Our Team as a Bookkeeper! Children's Dental FunZone is seeking a meticulous and organized Bookkeeper with a QuickBooks online experienceto join our team. Key Responsibilities: Accurately manage and maintain comprehensive financial records, including accounts...